Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Diego_Javier_Me
Participant

GW 1400 - anti-spoofing issue, all traffic blocked.

Hello. There is a 1400 gateway with anti spoofing issues.

I added a new subnet, associated it to a couple of interfaces,  and it worked, for a couple of days. Then, traffic to that new subnet began to be dropped because of an anti-spoofing alert. There is the global property which could be disabled, but I found no other tool to troubleshoot or solve it. There are 2  other LANs on the same gw, and no problem with them.

Thank you very much.

Best regards.

6 Replies
Vladimir
Champion
Champion

Traffic is being dropped FROM a source incorrectly identified on the interface.

So if you are seeing drops TO your new subnet properly identified on the interfaces it is actually belongs to, look if the source network of the traffic is also associated to the interfaces it is connected to.

It is also possible that your source host may have multiple IPs, and the origin does not belong to a network associated with the interface of the 1400.

0 Kudos
Diego_Javier_Me
Participant

This is what the layout  looks like.

Apparently, New LAN and Subnetwork 4 are set up in the same way.

0 Kudos
AlekseiShelepov
Advisor

For me your description looks a bit strange, as for Vladimir.

And I belive that you could share screenshot from your logs, drawing, and antispoofing settings with real IPs because they are internal ones. Or at least change them to something like 10.10.10.X, 20.20.20.X.

I added a new subnet, associated it to a couple of interfaces,  and it worked, for a couple of days. Then, traffic to that new subnet began to be dropped because of an anti-spoofing alert. 

Antispoofing should be configured in such way:

interface A - subnet1 + subnet2

interface B - subnet4

interface C - NewLan

It would mean that from this interface only traffic from these networks is expected, other traffic will be dropped. So, antispoofing check source IP only on this interface. If you have some asynchronous routing or servers with several interfaces in different networks, this could lead of course to blocking by antispoofing.

0 Kudos
Vladimir
Champion
Champion

If your Subnetwork1 is NATed behind RT interface connected to CheckPoint 1400 on its way to the Subnetwork4, this may explain why it is working between 1 and 4 and does not between 1 and New LAN.

Diego_Javier_Me
Participant

A more detailed topology and settings.

Thanks

0 Kudos
Vladimir
Champion
Champion

The only thing that comes to mind is to try changing your routing table:

to point 10.16.0.0/24 to the LAN1 as its next hop.

It looks to me that you are obfuscating the real IPs in your post, so I cannot vouch for not missing something vital.

There is an option to disable antispoofing on gaia embedded globally, but not on any particular interface or to ignore a particular network.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events